This invention relates to identification and security systems which protect access to electronic host systems, such as computers and the like. More particularly, this invention relates to an apparatus which accepts a biometric measurement and uses it as a seed for deriving a security token. The token is communicated to a host system, which determines whether access to the host is to be authorized.
With the increase in private information potentially accessible to anyone using electronic communication systems, there is a corresponding increase in the need to provide security measures for safeguarding access to such information. Automatic teller machines for banking transactions allow anyone in possession of a particular bank card and knowledge of the corresponding personal identification number (PIN) to access the corresponding bank account to withdraw or transfer money. Persons can even pay their bills or shop by computer. The increasing opportunity to conduct electronic transactions is accompanied by an increasing danger of electronic theft. Thus, there is a need for increasingly effective security mechanisms.
Common security mechanisms include use of a personal identification number (PIN) and use of a security token. A PIN identifies an individual and authorizes access to a host system (e.g., a banking transaction system). A security token is a non-predictable code derived from a "private key," i.e., a unique fixed value known only to the user's token and the host, and a "public key," i.e., a time-varying value such as the time of day. The terms are used here in that sense only, not in the sense of asymmetric cryptography: the fixed value is a shared secret and the time-varying value is public. For example, a password (the fixed key) is encoded based upon time-variant information. The token is then forwarded to the host, which holds the same fixed value and the same time reference and decodes the token back to the password. The token thus provides security during transmission, preventing the unique fixed value from being identified by anyone observing the channel. Even if a perpetrator intercepts a token during transmission, reapplication of the intercepted token will not enable access to the host system because the time-varying "public key" will have changed. The intercepted token remains usable only for as long as the host still accepts the time interval in which it was generated, so the width of the host's acceptance window bounds the exposure to replay. Thus, a PIN provides user identification, while a token provides transmission security.
A problem with personal identification numbers and tokens is that the legitimate user must remember the number or password. For users having many numbers or passwords, the task of remembering them can be burdensome. Further, some cards, such as long-distance calling cards, even print the private access code directly on the card. Thus, if the card is lost or stolen, the finder may access the system at the legitimate user's expense. Accordingly, there is a need for an improved security mechanism which is convenient to use while still providing security safeguards.
One known use of biometric information with secret codes and tokens is described in U.S. Pat. No. 4,998,279 issued Mar. 5, 1991 for METHOD AND APPARATUS FOR PERSONAL VERIFICATION UTILIZING NONPREDICTABLE CODES AND BIOCHARACTERISTICS ("Weiss"), the full disclosure of which is hereby incorporated herein by reference. According to such disclosure, a credit card sized computer generates a token from a secret "fixed" code (i.e., a PIN) and a public "time-varying" code (i.e., the time of day). The token is displayed on the card so that the user can enter it into an access machine. The entry is done in a manner that combines the token with biocharacteristic information. For example, the token may be entered by having the user write the token digits on a pressure-sensing pad or speak the token digits into a telephone. The access verification system then checks whether the token is valid and whether the bio-input (e.g., voice or signature) comes from the authorized user. Thus, the biocharacteristic information is used to identify an authorized user; it is not used to derive the token.
Another common security mechanism that uses a personal identification number (PIN) and a security token is the challenge/response token. It produces a dynamic security password not from a time-varying value generated internally, but from a challenge number provided by the host system and manually input to the token. Because the host chooses each challenge, the host need not keep a clock synchronized with the token, and a challenge the host issues only once cannot yield a response that is useful to replay. One such example is the SafeWord® AccessCard produced by Enigma Logic, Inc., of Concord, Calif.